More malware in the Google Play Store found to be draining batteries and racking up data charges
The apps in question were installed over 10 million times.
It seems we can’t go a week without another report about malware in the Google Play store. This time, it’s the aptly-named DrainerBot, a major fraud operation which sucked down your precious data allowances. This group of apps was downloaded over 10 million times, showing the sheer scale of the audacious plot.
Researchers at Oracle-owned Moat found the ad fraud operation, which was pretty sophisticated in how it worked. We all know that advertising pays, right? And advertising over video content pays most of all? Using this knowledge, the people responsible for DrainerBot downloaded hidden video ads to the phones it was installed on while creating revenue with every streaming video due to advertising.
According to Eric Roza, senior vice president of Oracle Data Cloud, who discovered the scheme, this is “one of the first times a major ad-fraud operation caused clear and direct financial harm to consumers.” After all, we all know our data plans aren’t cheap, even the supposedly ‘Unlimited’ ones. DrainerBot could be eating gigabytes of data per month, which adds up pretty quickly if you’re on a metered plan.
If you’re a heavy internet user, you might not even notice the extra data usage. Your phone might feel sluggish, or the battery gets warm or not last as long, but those are also symptoms of heavy browsing or YouTube use.
How to figure out if you’re infected
If you want to check to make sure that you don’t have DrainerBot hiding in one of your apps, go check your network data usage stats.
- In Android 9, go to Settings
- Then you want Network and Internet
- Then it’s Data Usage > App Data Usage.
- Check if any unusual apps are at the top of the list for data use. Any DrainerBot app will have gigabytes of data used over mobile during that month.
Oracle says that hundreds of popular apps in the Google Play store were, or had been, infected with the DrainerBot code. Oracle released just five names of the infected apps: Perfect365, VertexClub, Draw Clash of Clans, Touch ‘n’ Beat – Cinema, and Solitaire: 4 Seasons. Of these, only Solitare: 4 Seasons appears to be still in the Google Play store. It’s not known if the DrainerBot code is still in the app, as Oracle has said that not all the apps they found still have the code in.
I remember when the Google Play store was young and unfettered by scammers and other malfeasance. The real issues were sideloading apps found on other sites. It appears increasingly true that Google is having trouble policing all of its platforms, so keep vigilant with checking things like data use.
- Logitech is bringing back its best gaming mouse, the MX518
- Samsung’s foldable phone, the Galaxy Fold, doesn’t come with a headphone jack
- Anker made Apple’s AirPower charger that nobody asked for
- Fortnite Nerf guns finally exist, a soaking dream of perfect branding
- Hate flying? Then you’re really going to hate airplane seat cameras